You really don't want to edit access.db directly, since the next time someone regenerates it from access.txt, you'll lose your changes. I think your request may be a bit too specialized to implement, but I admit there's no easy way to do what you want with the milter's current features, either.

Would adding a "X-Spam-Originating-IP: XX.XX.XX.XX" header be enough for you? You could use the -B flag and a procmail rule to extract the IP address, and call an external script to do the dirty work of updating the access.db.

Thanks for spamass-milter software. I have a suggestion, which I would be very grateful for, if implemented.
Can spamass-milter get some built-in facilities for optionally updating access.db database on the fly to include addresses in Received headers, on those letters that are considered spam by SpamAssassin, on C class network basis? If properly implemented, with reporting of what was changed on access.db, this would greatly help to keep recognized spammers away in the future.